At lovd, we take security seriously. We appreciate the security research community and believe in responsible disclosure of security vulnerabilities.
If you believe you've discovered a security vulnerability in our systems, please follow these steps:
- Email us at mike@lovd.app with a detailed description of the vulnerability using the PGP key above.
- Include steps to reproduce the issue
- Provide any proof-of-concept code if applicable
- Allow us reasonable time to respond and address the issue before public disclosure
When working with us, you can expect:
- Acknowledgment of your report within 48 hours
- Regular updates on the progress of your report
- Recognition for your contribution (if desired)
- Protection from legal action when following our responsible disclosure policy
This policy applies to all lovd products and services, including:
- Our web applications and APIs
- Mobile applications
- Infrastructure components
The following are not considered valid vulnerabilities under this policy:
- Denial of Service (DoS) attacks
- Spam or social engineering attacks
- Physical security attacks
- Third-party applications or websites